Searching for the right path

I am wanting to get in to the security side of IT. I have a few boxes at home, I have a desktop running Server 2000 and 2003, a laptop running Linux and XP pro and a box running Ubuntu Linux. I am studying for my Linux + currently but what I really want to know is , what is a good path to follow to learn AND understand Security. I have heard becoming or learning hacking shows you hands on what a hacker looks for so you will know how to safeguard, but how do I set up my network so that I can learn these skills, and after i set them up where do I go from there? I am not trying to learn hacking just to say I know how to hack, I am really interested in the Security aspect of networking, way beyond just downloading a patch from Windoze and saying cool I am secure.
I know that there is Security + which teaches more theory than anything but what is a good tool or book to learn hands on with?

Comments

  • Chivalry1Chivalry1 Member Posts: 569
    Security + is a great cert for learning network security. I must honestly say that I enjoyed studying for the Security + cert. But I put everything in action when studying for this cert and not just understand the theory portion of this exam. And as far as books are concerned "Hacking Exposed" is HIGHLY RECOMMENDED!! Without this book I would not have understood network security and the Security + exam.

    After becoming Security + certified, my interest is truly in network security.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
  • ja5983ja5983 Member Posts: 129
    if you want to get security certified i would go:

    SEC+ ~> TICSA ~> SSCP or CISSP

    thats what i have done and every test just builds on the last, making each test a little easier and also giving you a deeper knowledge as you progress

    i would also suggest the hacking exposed book and if you really want to learn about the hacking stuff, the hacking revealed learnkeys are pretty good.
    Josh
    A+, Network+, Server+, Security+, TICSA, CCNA, MCSA, AS Network Engineering
  • xeviousxevious Member Posts: 59 ■■□□□□□□□□
    I have to agree with the other posts in that some theory is a great starting point.

    I'm not sure how you would like to use your lab setup, but it seems like you want to run a windows hack/exploit off your linux box and gain access to the servers.

    If that's the case, the first thing I'd suggest is getting Microsoft Security Solutions: Threats & Countermeasures and Windows 2003 Security. These docs are large, FREE, and a great way to help secure your server beyond just os patches. You'll want to establish a baseline for your network that has gone through some hardening plus you'll get a good feel for the registry, GPOs, and IPSEC.

    -Xevious
  • remyforbes777remyforbes777 Member Posts: 499
    Thanks for the suggestions. Any more would be quite welcomed.
  • EverythingPCownerEverythingPCowner Member Posts: 57 ■■□□□□□□□□
    I know you probably have heard.."its a mindset" .....but the truth is, it is to an extent. Dont let anyone say you cant because you dont think like that...but my theory is:

    If you look at anything and want to change it... just because you can... for example...putting linux
    on your furby (joke).....for no reason other than...proof of concept than you think like that.

    While it may help to have that mindset while working in security..from what ive seen...you definately want to shy away from the word hacking..at least untill you are established as someone who can be trusted. just my two cents
    Alabama or Bust!
Sign In or Register to comment.